- name: Set up those proxy certificates.  Good gravy..
  hosts: proxies-stg:proxies
  user: root
  gather_facts: True

  vars_files:
   - /srv/web/infra/ansible/vars/global.yml
   - "/srv/private/ansible/vars.yml"
   - /srv/web/infra/ansible/vars/{{ ansible_distribution }}.yml

  handlers:
  - import_tasks: "{{ handlers_path }}/restart_services.yml"

  roles:

  - role: httpd/mod_ssl

  - role: httpd/certificate
    name: wildcard-2017.fedoraproject.org
    SSLCertificateChainFile: wildcard-2017.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    name: wildcard-2017.fedorahosted.org
    SSLCertificateChainFile: wildcard-2017.fedorahosted.org.intermediate.cert

  - role: httpd/certificate
    name: wildcard-2017.id.fedoraproject.org
    SSLCertificateChainFile: wildcard-2017.id.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    name: wildcard-2017.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2017.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/certificate
    name: wildcard-2017.app.os.stg.fedoraproject.org
    SSLCertificateChainFile: wildcard-2017.app.os.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"
    tags:
    - app.os.fedoraproject.org

  - role: httpd/certificate
    name: wildcard-2017.app.os.fedoraproject.org
    SSLCertificateChainFile: wildcard-2017.app.os.fedoraproject.org.intermediate.cert
    tags:
    - app.os.fedoraproject.org

  - role: httpd/certificate
    name: fedoramagazine.org
    SSLCertificateChainFile: fedoramagazine.org.intermediate.cert

  - role: httpd/certificate
    name: getfedora.org
    SSLCertificateChainFile: getfedora.org.intermediate.cert

  - role: httpd/certificate
    name: flocktofedora.org
    SSLCertificateChainFile: flocktofedora.org.intermediate.cert

  - role: httpd/certificate
    name: qa.stg.fedoraproject.org
    SSLCertificateChainFile: qa.stg.fedoraproject.org.intermediate.cert
    when: env == "staging"

  - role: httpd/certificate
    name: qa.fedoraproject.org
    SSLCertificateChainFile: qa.fedoraproject.org.intermediate.cert

  - role: httpd/certificate
    name: secondary.koji.fedoraproject.org.letsencrypt
    SSLCertificateChainFile: secondary.koji.fedoraproject.org.letsencrypt.intermediate.crt

  - role: httpd/certificate
    name: whatcanidoforfedora.org
    SSLCertificateChainFile: whatcanidoforfedora.org.intermediate.crt
    tags:
    - whatcanidoforfedora.org
